<!-- navigation bar -->
<nav class="nav-bar">
<ul>
- <li><a href="https://dpolakovic.space">About</a></li>
- <li><a href="https://dpolakovic.space/blog.php">Blog</a></li>
- <li><a href="https://dpolakovic.space/dir.php">Web directory</a></li>
- <li><a href="https://dpolakovic.space/mars-clock.php">Mars clock</a></li>
- <li><?php serverStatus() ?></li>
+ <li><a href="https://www.dpolakovic.space">About</a></li>
+ <li><a href="https://www.dpolakovic.space/blog.php">Blog</a></li>
+ <li><a href="https://www.dpolakovic.space/mars-clock.php">Mars clock</a></li>
+ <li><a href="https://www.dpolakovic.space/dead-drop.php">Dead drop</a></li>
+ <li><?php serverStatus() ?></li>
</ul>
</nav>
Publications on this domain are licensed under
<a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.
<br>
- This site is javascript and cookie free. The source code is available
+ This site uses no client side scripting. The source code is available
<a href="https://git.dpolakovic.space/?p=my-website;a=tree">here</a>
under
<a href="https://www.gnu.org/licenses/gpl-3.0.en.html">GPLv3 license</a>.
--- /dev/null
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="UTF-8">
+ <meta name="viewport" content="width=600, initial-scale=1.0">
+ <title>dpolakovic.space</title>
+ <link rel="icon" href="./Pictures/dot.png">
+ <link rel="stylesheet" href="./Styles/styles.css">
+ <?php require_once('./php/config.php'); ?>
+ <?php require_once('./php/dd.php'); ?>
+ <link rel="author" href="mailto:email@dpolakovic.space">
+ <meta name="description" content="personal website and git server">
+ <meta name="author" content="David Polakovic, 2023">
+
+ </head>
+ <body>
+ <?php cleanTheCity(); ?>
+
+ <!-- show pictures (banner) on top of the page -->
+ <div class="banner">
+ <p>
+ <img src="./Pictures/dpolakovic.png" alt="simple">
+ <img src="./Pictures/dot.png" alt="website">
+ <img src="./Pictures/space.png" alt="banner">
+ </p>
+ </div>
+
+ <!-- navigation bar -->
+ <nav class="nav-bar">
+ <ul>
+ <li><a href="https://www.dpolakovic.space">About</a></li>
+ <li><a href="https://www.dpolakovic.space/blog.php">Blog</a></li>
+ <li><a href="https://www.dpolakovic.space/mars-clock.php">Mars clock</a></li>
+ <li><a href="https://www.dpolakovic.space/dead-drop.php">Dead drop</a></li>
+ <li><?php serverStatus() ?></li>
+ </ul>
+ </nav>
+
+ <!-- page content -->
+ <main class="content">
+ <p>
+ <h2> Dead drop </h2>
+ <i> Tradecraft meets bored hackers. </i>
+ <br>
+ <br>
+ A dead drop is a spy technique used for anonymous information exchange. When you stash your
+ message in a dead drop, it will be hidden from anyone who doesn't know its location. It
+ also uses MD5 hashing and AES-256-CBC encryption to keep it hidden from the hosting provider
+ and webmaster as well. Enter the coordinates of a dead drop to check if it's hot (has stashed message)
+ or if it's cold (empty).
+ <!-- Still, it's a good idea to keep your message brief in case the dead drop location is ever compromised. -->
+ <br><br><br>
+ </p>
+ <p>
+<center>
+<?php deadDropUI(); ?>
+</center>
+</p>
+ <br><br>
+ <hr>
+ <p>
+ <i>
+ <?php countActiveDrops(); ?>
+ Every dead drop goes cold after 18 hours.
+ <br><br>
+ </i>
+</p>
+ </main>
+
+ <!-- footer -->
+ <footer class="footer">
+ Copyright <?php printYear() ?> David Polakovic -
+ Publications on this domain are licensed under
+ <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.
+ <br>
+ This site uses no client side scripting. The source code is available
+ <a href="https://git.dpolakovic.space/?p=my-website;a=tree">here</a>
+ under
+ <a href="https://www.gnu.org/licenses/gpl-3.0.en.html">GPLv3 license</a>.
+ </footer>
+ <br><br>
+
+ </body>
+ </html>
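Review bot: `deadDropUI()` is called inside `<main>`, after the head, banner and navigation have already been written, yet it and the `deadDropLogic()` it calls (both in `php/dd.php`) run `session_start()` and, on the burn path, `header("Location: ...")` followed by `exit`. Unless output buffering is enabled in the server configuration, neither the session cookie nor the redirect can be sent that late, so the CSRF check would reject every POST and a burn would end in a truncated page. Handle the request before any markup, e.g. `<?php require_once('./php/config.php'); require_once('./php/dd.php'); $drop = deadDropLogic(); ?>` above `<!DOCTYPE html>`, and let the template only render `$drop`. Separately, the intro paragraph says the message is hidden from the hosting provider and webmaster, but the server receives the coordinates and the plaintext in the POST, and derives both the file name and the key from the coordinates alone, so that sentence promises more than the code delivers.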
+++ /dev/null
-<!DOCTYPE html>
-<html lang="en">
- <head>
- <meta charset="UTF-8">
- <meta name="viewport" content="width=600, initial-scale=1.0">
- <title>dpolakovic.space</title>
- <link rel="icon" href="./Pictures/dot.png">
- <link rel="stylesheet" href="./Styles/styles.css">
- <?php require_once('./php/config.php'); ?>
- <link rel="author" href="mailto:email@dpolakovic.space">
- <meta name="description" content="personal website and git server">
- <meta name="author" content="David Polakovic, 2023">
-
- </head>
- <body>
-
- <!-- show pictures (banner) on top of the page -->
- <div class="banner">
- <p>
- <img src="./Pictures/dpolakovic.png" alt="simple">
- <img src="./Pictures/dot.png" alt="website">
- <img src="./Pictures/space.png" alt="banner">
- </p>
- </div>
-
- <!-- navigation bar -->
- <nav class="nav-bar">
- <ul>
- <li><a href="https://dpolakovic.space">About</a></li>
- <li><a href="https://dpolakovic.space/blog.php">Blog</a></li>
- <li><a href="https://dpolakovic.space/dir.php">Web directory</a></li>
- <li><a href="https://dpolakovic.space/mars-clock.php">Mars clock</a></li>
- <li><?php serverStatus() ?></li>
- </ul>
- </nav>
-
- <!-- page content -->
- <main class="content">
- <p>
- <h2> My Web directory </h2>
- <i> Let's explore the Web. </i>
- <br>
- <br>
- The online space is vast and still expanding. Sadly, not thanks to
- the users but rather spam bots and focus black holes - the social networks.
- Therefore it's good practice for surfers to share links between each other
- in "web directories" like this one. So here are links I thought you might
- find useful.
- </p>
- <p>
- <b>software</b><br>
- <a href="https://directory.fsf.org/wiki/Main_Page">Free software directory</a>
- - a collaborative catalog of free software<br>
- <a href="https://winworldpc.com/home">WinWorld</a>
- - online museum/library of vintage operating systems<br>
- <a href="https://eblong.com/infocom/">Infocom catalog</a>
- - every Infocom text adventure ever<br>
- <a href="https://kolibrios.org/en/">KolibriOS</a>
- - operating system on 1,44MB floppy<br>
- <a href="https://atariage.com/index.php">AtariAge</a>
- - hub for enthusiasts of Atari PCs and consoles<br>
- </p>
- <p>
- <b>programming</b><br>
- <a href="https://whichjdk.com/">Which JDK?</a>
- - neat website for navigating alternative Java Dev Kits<br>
- <a href="https://sdkman.io/">SDKman</a>
- - must have tool for every JVM based project<br>
- <a href="https://mvnrepository.com/">MVN repository</a>
- - Java libraries packed in .jars<br>
- <a href="https://perlmonks.org/">Perl monks</a>
- - best place to seek help and wisdom in Perl<br>
- <a href="https://rosettacode.org/wiki/Category:Programming_Tasks">Rosetta Code</a>
- - solutions for many tasks in many languages [2]<br>
- <a href="https://opensource.com/sites/default/files/2022-04/OSDC_cheatsheet-git-2022.4.7.pdf">Git cheat sheet</a>
- - feel free to laugh, but I use this a lot [PDF]
- </p>
- <p>
- <b>tools & tutorials</b><br>
- <a href="https://cidr.xyz/">Cidr.xyz</a>
- - when you don't want to die over subnet tables [3]<br>
- <a href="https://www.deadlinkchecker.com/">Broken link checker</a>
- - it does, exactly what it says [3]<br>
- <a href="https://wine.htmlvalidator.com/">Installing Wine on Linux</a>
- - this is tricky task for many distros<br>
- </p>
- <p>
- <b>other</b><br>
- <a href="https://lkml.iu.edu/hypermail/linux/kernel/">Linux Kernel Mailing List</a>
- - this is my preferred instance<br>
- <a href="https://wiki.eth0.nl/index.php/LackRack">Lack rack</a>
- - nice hack that I use for my servers<br>
- <a href="https://www.floppydisk.com">Floppydisk.com</a>
- - new and refurbished floppies for okay prices [3]<br>
- <a href="https://brisray.com/web/webring-list.htm">Webring list</a>
- - pick a community and meet fellow netizens<br>
- <a href="https://www.gutenberg.org/">Project Gutenberg</a>
- - my go to place to get books online<br>
- <a href="https://www.av8n.com/physics/thermo/">Av8ns thermodynamics</a>
- - thermodynamics reference page<br>
- <a href="https://www.swpc.noaa.gov/">SWPC NOAA</a>
- - space weather forecast [3]<br>
- <a href="https://en.uesp.net/wiki/Morrowind:Morrowind#Quest_Information">UESP wiki</a>
- - everything I ever needed for Morrowind [1, 3]
- </p>
- <br>
- <hr>
- <p>
- Some of these websites contains "allergens"<br>
- [1] - advertisements,
- [2] - unnecessary cookies,
- [3] - proprietary javascript
- </p>
- <br>
- </main>
-
- <!-- footer -->
- <footer class="footer">
- Copyright <?php printYear() ?> David Polakovic -
- Publications on this domain are licensed under
- <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.
- <br>
- This site is javascript and cookie free. The source code is available
- <a href="https://git.dpolakovic.space/?p=my-website;a=tree">here</a>
- under
- <a href="https://www.gnu.org/licenses/gpl-3.0.en.html">GPLv3 license</a>.
- </footer>
- <br><br>
-
- </body>
- </html>
<!-- navigation bar -->
<nav class="nav-bar">
- <ul>
- <li><a href="https://dpolakovic.space">About</a></li>
- <li><a href="https://dpolakovic.space/blog.php">Blog</a></li>
- <li><a href="https://dpolakovic.space/dir.php">Web directory</a></li>
- <li><a href="https://dpolakovic.space/mars-clock.php">Mars clock</a></li>
- <li><?php serverStatus() ?></li>
+ <ul>
+ <li><a href="https://www.dpolakovic.space">About</a></li>
+ <li><a href="https://www.dpolakovic.space/blog.php">Blog</a></li>
+ <li><a href="https://www.dpolakovic.space/mars-clock.php">Mars clock</a></li>
+ <li><a href="https://www.dpolakovic.space/dead-drop.php">Dead drop</a></li>
+ <li><?php serverStatus() ?></li>
</ul>
</nav>
<a href="https://emailselfdefense.fsf.org/en/">(how to use GPG keys?)</a>
</center>
</p>
+ <p>
+ </p>
<br>
<p>
<a class="gif-buttons" href="https://en.wikipedia.org/wiki/Glider_(Conway%27s_Game_of_Life)">
Publications on this domain are licensed under
<a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.
<br>
- This site is javascript and cookie free. The source code is available
+ This site uses no client side scripting. The source code is available
<a href="https://git.dpolakovic.space/?p=my-website;a=tree">here</a>
under
<a href="https://www.gnu.org/licenses/gpl-3.0.en.html">GPLv3 license</a>.
<!-- navigation bar -->
<nav class="nav-bar">
- <ul>
- <li><a href="https://dpolakovic.space">About</a></li>
- <li><a href="https://dpolakovic.space/blog.php">Blog</a></li>
- <li><a href="https://dpolakovic.space/dir.php">Web directory</a></li>
- <li><a href="https://dpolakovic.space/mars-clock.php">Mars clock</a></li>
- <li><?php serverStatus() ?></li>
+ <ul>
+ <li><a href="https://www.dpolakovic.space">About</a></li>
+ <li><a href="https://www.dpolakovic.space/blog.php">Blog</a></li>
+ <li><a href="https://www.dpolakovic.space/mars-clock.php">Mars clock</a></li>
+ <li><a href="https://www.dpolakovic.space/dead-drop.php">Dead drop</a></li>
+ <li><?php serverStatus() ?></li>
</ul>
</nav>
converted time with actual daylight on the Red Planet.
</p>
<p>
- As you can see, the Mars clock is not autoupdating itself like traditional clock,
+ Note, that original Darian calendar designates the first
+ day of each month as the start of a new week, which results in a one-day weekend occurring
+ three or four times a year. I am uncertain how this would be received by future Martian
+ colonists, so I didn't implemented this feature as well as
+ winter/summer time shifts or any holidays whatsoever.
+ </p>
+ <p>
+ Also, the clocks are not updating automatically like clocks usually do,
because I didn't want to DDOS myself nor invade your client with
- <i>any</i> scripting. It is also not very usefull extraterrestrially,
+ <i>any</i> scripting. It is also not very useful extraterrestrially,
so I made a portable version which you can fit on your Raspberry
Pi or any device running Java. It runs in GUI mode and terminal as well.
</p>
Publications on this domain are licensed under
<a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.
<br>
- This site is javascript and cookie free. The source code is available
+ This site uses no client side scripting. The source code is available
<a href="https://git.dpolakovic.space/?p=my-website;a=tree">here</a>
under
<a href="https://www.gnu.org/licenses/gpl-3.0.en.html">GPLv3 license</a>.
<?php
-// Function to check if is certain website reachable
function isWebsiteOnline($url) {
- // Set a timeout value in seconds
- $timeout = 2;
-
- $ch = curl_init($url);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
- $response = curl_exec($ch);
- $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
- curl_close($ch);
-
- // Check if the HTTP code is in the range 200-299
- // to consider it as "online"
- return ($httpCode >= 200 && $httpCode < 300);
-}
+ $domain = parse_url($url, PHP_URL_HOST);
+ $port = 80;
+
+ // Use port 443 if the URL scheme is HTTPS
+ if (parse_url($url, PHP_URL_SCHEME) == 'https') {
+ $port = 443;
+ }
+ // Try to open a socket connection to the domain on the specified port
+ $connection = @fsockopen($domain, $port, $errno, $errstr, 2);
+
+ if ($connection) {
+ fclose($connection);
+ return true;
+ } else {
+ return false;
+ }
+}
// Function displays <li> element on navigation bar
// either online or offline status of gitserver
function serverStatus() {
- $websiteUrl = "https://git.dpolakovic.space";
-
- if (isWebsiteOnline($websiteUrl)) {
- echo '<a class="gitserver" href="https://git.dpolakovic.space">'.
- 'Git server | online</a>';
- }
- else {
- echo '<a class="gitserver" href="">Git server | offline</a>';
- }
+ $websiteUrl = "https://git.dpolakovic.space";
+
+ if (isWebsiteOnline($websiteUrl)) {
+ echo '<a class="gitserver" href="https://git.dpolakovic.space">Git server | online</a>';
+ } else {
+ echo '<a class="gitserver" href="">Git server | offline</a>';
+ }
}
// Function for index.php to generate random second sentence
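Review bot: The new `isWebsiteOnline()` only proves that something accepts a TCP connection on port 80 or 443; it no longer looks at the HTTP status, so the nav bar will say "online" while the git web interface is returning errors. The explanatory comment was removed with the cURL code, so I would put one back that states the weaker contract: `// Returns true if a TCP connection to the URL's host opens within 2 s; does not check TLS or the HTTP response.` The `@` on `fsockopen()` also hides the reason for a failure, and `parse_url()` yields `null` or `false` for a URL without a host, which is then passed on as the host name; a guard such as `if (!is_string($domain)) return false;` and `=== 'https'` for the scheme comparison would make that explicit. Since `serverStatus()` is rendered in every page's navigation, each request can block for up to the 2-second timeout when the git host is unreachable.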
else { echo "2023"; }
}
-
// Function to convert RSS file into blog page
function printBlog2($rss_file) {
}
}
-
// Function to print my books on the website
function printLibraryTable() {
// Read the contents of the lib.txt file
}
+function keyGen() {
+ // Define the alphabet
+ $alphabet = 'abcdefghijklmnopqrstuvwyzABCDEFGHIJKLMNOPQRSTUVXYZ013456789?!-()';
+
+ // Generate the 50 character string
+ $key = '';
+ $length = 50;
+
+ // Ensuring exactly one 'W', exactly one '.' or exactly two ',', exactly one 'x0' (next to each other), and exactly two '2's
+ $key .= 'W'; // Add 'W' at a random position later
+ $key .= '2'; // Add one '2' at a random position later
+ $key .= '2'; // Add second '2' at a random position later
+
+ // Decide randomly between adding a single '.' or two commas (',')
+ if (rand(0, 1)) {
+ $key .= '.'; // Add a single dot
+ } else {
+ $key .= ',,'; // Add two commas
+ }
+
+ // Fill the rest of the string with random characters from the alphabet
+ $remainingLength = $length - strlen($key);
+ for ($i = 0; $i < $remainingLength; $i++) {
+ $key .= $alphabet[rand(0, strlen($alphabet) - 1)];
+ }
+
+ // Randomly shuffle the characters to place everything in random positions
+ $key = str_shuffle($key);
+
+ // Generate the current date and time in format YYYYMMDDHHMM
+ $currentDate = date("YmdHis");
+ $currentDate = substr($currentDate, 0, 12); // Extract just the YYYYMMDDHHMM part
+
+ // Convert the date to letters (1 -> a, 2 -> b, 3 -> c, etc.)
+ $dateInLetters = '';
+ for ($i = 0; $i < strlen($currentDate); $i++) {
+ $digit = (int)$currentDate[$i];
+ $dateInLetters .= chr(97 + $digit); // 97 is ASCII for 'a'
+ }
+
+ // Concatenate the 50-character key and the converted date
+ $result = $key . $dateInLetters;
+
+ return $result;
+}
+
+function generateNewKey() {
+ // Path to the file
+ $file = 'strawberry';
+
+ // Read the content of the file
+ $fileContents = file($file, FILE_IGNORE_NEW_LINES);
+
+ // Get the generated key from the keyGen function
+ $newKey = keyGen();
+
+ // Substitute the fifth line with the new key
+ $fileContents[4] = $newKey;
+
+ // Write the updated content back to the file
+ file_put_contents($file, implode(PHP_EOL, $fileContents) . PHP_EOL);
+
+}
+
?>
\ No newline at end of file
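Review bot: `keyGen()` picks every character with `rand()` and then permutes the result with `str_shuffle()`, neither of which is a cryptographically secure source, and the 12-letter suffix is only the current minute encoded as letters, so the value is more predictable than its 62 characters suggest. If the value written to line 5 of `strawberry` is meant to be a secret (its consumer is not visible in this hunk), use `random_int(0, strlen($alphabet) - 1)` and `random_int(0, 1)`, and replace the shuffle with one driven by `random_int()`. The comments have drifted from the code: the rule comment promises an `x0` pair that is never added, and the date mapping is `0 -> a`, not `1 -> a`. In `generateNewKey()`, `file()` returns `false` when `strawberry` is missing or unreadable, after which the write would leave a file holding only the new key; check for `false` and for at least five lines, and pass `LOCK_EX` to `file_put_contents()` so concurrent requests cannot interleave.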
--- /dev/null
+<?php
+
+function countActiveDrops() {
+ $directory = "./Dead-drops";
+
+ // Check if the directory exists
+ if (is_dir($directory)) {
+ // Scan the directory and get all files
+ $files = scandir($directory);
+
+ // Filter out the current (.) and parent (..) directories
+ $files = array_diff($files, array('.', '..'));
+
+ // Count the number of files
+ $fileCount = count($files);
+
+ // Echo the result
+ if ($fileCount == 0){
+ echo "There is no hot drop on this domain right now.";
+ }
+
+ if ($fileCount == 1){
+ echo "There is exactly one hot drop on this domain right now.";
+ }
+
+ if ($fileCount > 1){
+ echo "There are $fileCount hot drops on this domain right now.";
+ }
+
+ } else {
+ echo "Directory '$directory' does not exist.";
+ }
+
+}
+
+function cleanTheCity() {
+ $directory = "./Dead-drops";
+ $now = time();
+ $expiry = 18 * 3600;
+
+ if (is_dir($directory)) {
+ $files = scandir($directory);
+ foreach ($files as $file) {
+ // Skip the specific file by name
+ if ($file == '75cfce5a009d44910a23bd55a3f8f0bd') {
+ continue;
+ }
+
+ $filePath = $directory . DIRECTORY_SEPARATOR . $file;
+ if (is_file($filePath)) {
+ $fileAge = $now - filemtime($filePath);
+ if ($fileAge > $expiry) {
+ unlink($filePath);
+ }
+ }
+ }
+ } else {
+ echo "<p><strong>Error:</strong> Folder <code>./Locations</code> not found.</p>";
+ }
+}
+
+
+
+function deadDropUI() {
+ session_start();
+ $csrf_lifetime = 600;
+ $session_id_key = 'csrf_token_session_id';
+
+ if (!isset($_SESSION['csrf_token'], $_SESSION['csrf_token_time'], $_SESSION[$session_id_key]) ||
+ session_id() !== $_SESSION[$session_id_key] ||
+ time() - $_SESSION['csrf_token_time'] > $csrf_lifetime) {
+ $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+ $_SESSION['csrf_token_time'] = time();
+ $_SESSION[$session_id_key] = session_id();
+ }
+
+ $token = $_SESSION['csrf_token'];
+ $result = deadDropLogic();
+ $dropCount = count(glob('./Dead-drops/*'));
+
+ if (($result['mode'] === 'initial' && $dropCount < 501) ||
+ ($result['mode'] === 'readonly' && $result['status'] === 'invalid')) {
+ echo <<<HTML
+ <style>input[type="text"],input[type="submit"] { font-size: 16.5px; }</style>
+ <form method="post">
+ <label><a href="https://en.wikipedia.org/wiki/W3w#Design" target="_blank">?</a> </label>
+ <input type="hidden" name="csrf_token" value="{$token}">
+ <input type="text" id="inputString" name="inputString" placeholder="///what.three.words" size="30" maxlength="50" required>
+ <input type="submit" value="Check">
+ </form>
+ HTML;
+ } elseif ($result['mode'] === 'initial' && $dropCount >= 501) {
+ echo "This domain is too hot. Come back later when there won't be so much heat";
+ }
+
+ if ($result['mode'] === 'readonly') {
+ if ($result['status'] === 'hot') {
+ echo "<pre>" . htmlspecialchars($result['decrypted'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</pre>";
+ echo <<<HTML
+ <form method="post">
+ <input type="hidden" name="csrf_token" value="{$token}">
+ <input type="hidden" name="burnW3W" value="{$result['w3w']}">
+ <input type="submit" value="Burn message">
+ </form>
+ HTML;
+ } elseif ($result['status'] === 'cold') {
+ echo "<h3>" . htmlentities($result['w3w']) ."</h3>This drop is cold. You can stash your message here.<br><br>";
+ echo <<<HTML
+ <form method="post">
+ <input type="hidden" name="csrf_token" value="{$token}">
+ <input type="hidden" name="originalW3W" value="{$result['w3w']}">
+ <textarea name="stashContent" maxlength="4096" rows="10" cols="60" placeholder="max 4096 chars" required></textarea><br><br>
+ <input type="submit" value="Stash">
+ </form>
+ HTML;
+ } elseif ($result['status'] === 'invalid') {
+ echo "<br>{$result['message']}";
+ }
+ } elseif ($result['mode'] === 'stashed') {
+ echo "<h3>Message stashed at " . htmlentities($result['w3w']) ."</h3>Your dead drop is hot.";
+ }
+}
+
+function deadDropLogic() {
+ session_start();
+ $csrf_lifetime = 600;
+ $session_id_key = 'csrf_token_session_id';
+
+ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'], $_SESSION['csrf_token_time'], $_SESSION[$session_id_key]) ||
+ $_POST['csrf_token'] !== $_SESSION['csrf_token'] ||
+ session_id() !== $_SESSION[$session_id_key] ||
+ time() - $_SESSION['csrf_token_time'] > $csrf_lifetime) {
+ die('CSRF token invalid or expired. Reload the website, that usually helps...');
+ }
+
+ if (isset($_POST['burnW3W'])) {
+ $input = trim($_POST['burnW3W']);
+ $hashed = md5($input);
+ if (!isValidHash($hashed)) die('Invalid hash');
+ $file = './Dead-drops/' . $hashed;
+ if (file_exists($file)) unlink($file);
+ header("Location: https://www.dpolakovic.space/dead-drop");
+ exit;
+ }
+
+ if (isset($_POST['stashContent'], $_POST['originalW3W'])) {
+ $input = trim($_POST['originalW3W']);
+ $hashed_w3w = md5($input);
+ if (!isValidHash($hashed_w3w)) die('Invalid hash');
+ $plaintext = $_POST['stashContent'];
+
+ if (strlen($plaintext) > 4096) {
+ return ['mode' => 'readonly', 'w3w' => $input, 'status' => 'invalid', 'message' => 'ERROR: Message too long.'];
+ }
+
+ $filepath = "./Dead-drops/{$hashed_w3w}";
+ if (file_exists($filepath)) {
+ return ['mode' => 'readonly', 'w3w' => $input, 'status' => 'hot'];
+ }
+
+ $cipher = "AES-256-CBC";
+ $key = hash('sha256', $input);
+ $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($cipher));
+ $encrypted = openssl_encrypt($plaintext, $cipher, $key, 0, $iv);
+ $output = base64_encode($iv . $encrypted);
+ file_put_contents($filepath, $output);
+ return ['mode' => 'stashed', 'w3w' => $input];
+ }
+
+ if (isset($_POST['inputString'])) {
+ $input = trim($_POST['inputString']);
+ if (!validateString($input)) {
+ return ['mode' => 'readonly', 'w3w' => $input, 'status' => 'invalid', 'message' => 'ERROR: Invalid coordinates format.'];
+ }
+ if (!validateStringW3W($input)) {
+ return ['mode' => 'readonly', 'w3w' => $input, 'status' => 'invalid', 'message' => 'ERROR: Place you are looking for doesn\'t exist.'];
+ }
+ $hashed = md5($input);
+ if (!isValidHash($hashed)) die('Invalid hash');
+ $dropPath = './Dead-drops/' . $hashed;
+ if (file_exists($dropPath)) {
+ $raw = file_get_contents($dropPath);
+ $data = base64_decode($raw);
+ $iv_len = openssl_cipher_iv_length("AES-256-CBC");
+ $iv = substr($data, 0, $iv_len);
+ $ciphertext = substr($data, $iv_len);
+ $key = hash('sha256', $input);
+ $decrypted = openssl_decrypt($ciphertext, "AES-256-CBC", $key, 0, $iv);
+ return [
+ 'mode' => 'readonly',
+ 'w3w' => $input,
+ 'status' => 'hot',
+ 'decrypted' => $decrypted
+ ];
+ } else {
+ return [
+ 'mode' => 'readonly',
+ 'w3w' => $input,
+ 'status' => 'cold'
+ ];
+ }
+ }
+ }
+
+ return ['mode' => 'initial'];
+}
+
+function isValidHash($hash) {
+ return preg_match('/^[a-f0-9]{32}$/', $hash) === 1;
+}
+
+
+
+
+
+
+
+
+
+
+
+function validateString($str) {
+ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+ return false;
+ }
+
+ if (substr($str, 0, 3) !== "///") {
+ return false;
+ }
+
+ $parts = substr($str, 3);
+ if (substr_count($parts, ".") !== 2) {
+ return false;
+ }
+
+ if (!preg_match('/^[a-z]+\.[a-z]+\.[a-z]+$/', $parts)) {
+ return false;
+ }
+
+ return true;
+}
+
+function validateStringW3W($str) {
+ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+ return false;
+ }
+
+ $API_KEY = '747757BO';
+ $cleaned = substr($str, 3);
+ $url = 'https://api.what3words.com/v3/autosuggest?input=' . urlencode($cleaned) . '&key=' . urlencode($API_KEY);
+
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+ $response = curl_exec($ch);
+
+ if (curl_errno($ch)) {
+ echo "Curl error: " . curl_error($ch);
+ return false;
+ }
+
+ curl_close($ch);
+ $result = json_decode($response, true);
+
+ if (isset($result['suggestions']) && count($result['suggestions']) > 0) {
+ foreach ($result['suggestions'] as $suggestion) {
+ if (strcasecmp($suggestion['words'], $cleaned) === 0) {
+ return true;
+ }
+ }
+ }
+
+ return false;
+}
\ No newline at end of file
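Review bot: The stash and burn branches of `deadDropLogic()` accept `originalW3W` and `burnW3W` without calling `validateString()`, and `isValidHash()` cannot reject anything because it only inspects the output of `md5()`. When the target file already exists, the stash branch returns that raw value as `w3w` with status `hot` (and no `decrypted` key), and `deadDropUI()` interpolates it unescaped into `value="{$result['w3w']}"`; add `if (!validateString($input)) die('Invalid coordinates');` to both branches and build the hidden fields from `htmlspecialchars($result['w3w'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The encryption key is the hex output of an unsalted `hash('sha256', $input)` (of which, as far as I can tell, OpenSSL uses only the first 32 bytes) and the file name is an unsalted MD5 of the same string, so confidentiality against anyone holding the files rests entirely on how hard the coordinates are to enumerate; CBC also carries no integrity check, and a failed `openssl_decrypt()` returns `false`, which goes straight into the `<pre>` output. The what3words key is a literal in `validateStringW3W()` in a repository the site footer links publicly, so it should be loaded from configuration outside the tree and rotated. Compare the CSRF token with `hash_equals()` rather than `!==`.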